XML Ticket: Generalized Digital Ticket Definition Language
Ko Fujimura
NTT
Position Paper for The W3C Signed XML Workshop
The W3C Signed XML Workshop - Copyright © 1999 NTT -2-
Contents
Goals of NTT’s Flexible Digital Ticket Project
XML Ticket - Important application of XML DSig
Requirements
XML based approach
Important features
Issues to be discussed

Background
Presently established information delivery methods:
Web
News
Channel
Digital cash
...
No digital medium that prevents duplicate redemption and enables trading of various rights

Web Ticketing & Presentation
[Figure labels: Wallet Page, Shops, My ticket wallet, Ticket]

Definition of Digital Ticket
Digital medium that guarantees certain rights of ticket owner
Signed I (I, P, O)
I: Issuer
P: Promise
O: Owner
Is it a certificate?
Yes, but with an additional feature:
Certificate + Online currency checking system or Tamper-proof device

Examples of Promise P
A flight between Boston and Tokyo can be reserved with this ticket
This ticket can be exchanged for 1g of gold
After Oct. 1999, this ticket can be exchanged for my car
One image file in a particular server can be downloaded with this ticket
The bearer of this ticket has unlimited telephone use for one month

Examples of Digital Tickets
Type
Event ticket
Plane ticket
Lottery ticket
Ticket for car wash
Telephone card
Digital cash
Software license
Transportation pass
Gate card
Driver's license

Why Generalized?
Reduces implementation cost
Ticketing system
Ticket wallet
Ticket examination system
Provides a uniform, collected view, like a real wallet
Cash, credit cards, ID cards, and various tickets are stored together
Possibility of new businesses
Revocation and packaging service
Safety deposit box service
Requirements on Language

Composability
Sub-tickets issued separately: a book of stamps, point cards, stamps of approval
Sub-tickets consumed separately: travel tickets, a book of tickets for car wash
[Figure label, repeated four times: Consume]

State Manageability
Ticket properties may require changes while in circulation
Payment status: Paid or Unpaid
Reservation status: Wait listed, reserved, or canceled
Approval status
Owner (if transferred)

Machine-understandability
Reduces number of disputes
Facilitates ticket search
[Figure label: Chips]

Efficiency
Tickets can be stored in a smartcard
Restricted memory
Low data transmission speed: longer definitions cause longer data transfer time
High performance is critical: transportation pass, event ticket

Circulation Controllability
Parameterization of ticket properties
Anonymity
Transferability
Redemption method
Consume -- Number of times it can be consumed
Present
Circulation conditions
Examples:
Only qualified shops can issue tickets
Only registered members can circulate tickets
Only qualified shops can punch tickets

Security
Supports a facility for preventing duplicate redemption
Online currency checking system
Tamper-proof devices
XML Based Approach

XML-based Digital Ticket
A ticket is a set of signed descriptions with links
State-transitionality of ticket status
Composability of multiple tickets

XML-based Digital Ticket
A ticket can be distributed
Links to up-to-date information: event location after postponement, certificates (may be revoked), advertisements
Links to large contents: images, sounds, movies, conditions of contract

XML-based Digital Ticket
Meaning of properties can be defined using RDF schemas -- Useful for Promise property
RDF schemas can be located somewhere in a network
XML Ticket Features

Ticket Properties Three-layered Model
Properties | Examples
Control parameters | TypeID, TicketID, IssuerID, OwnerID, Validity, View
Industry-specific | Flight number, Class (Plane ticket); Place, Event name (Event ticket)
Issuer-specific | Mileage points; Advertisements
[Label between the Industry-specific and Issuer-specific rows: Promise]

Autonomous Schema Definition
Individual companies or organizations can maintain their own ticket schemas (type) using XML schema
[Figure labels: event.org, airline.org, X.com, Y.com, Issuer, Network; Ticket with Control parameters, Industry-specific properties, Issuer-specific properties; Industry-specific Schema, Issuer-specific Schema]

Restriction-specified Incomplete Link
<Variable> includes three sub-elements:
<CurrentValue>
<NewValue> (Link to new value)
<Restriction>
Value of <Variable> is interpreted as <CurrentValue> if D1 is not instantiated
Value of <Variable> is interpreted as D1 if D1 is instantiated and D1 satisfies <Restriction>
[Figure labels: D0, D1, <Variable>, <NewValue>]

Restriction-specified Incomplete Link
A unique ticket ID is used to establish the relation between the property that is referred to and the referred description
Other restrictions:
Schema (Type) restriction
Property value restriction
Hash value restriction

Restriction-specified Incomplete Link
Original ticket: Type | Original ticket: Property | Attached ticket / description: Schema restriction | Attached ticket / description: Value restriction
Any transferable ticket | Owner | Transfer (certificate) | Issuer is the transferor
Any deferred payment ticket | Payment status | Check or draft | Issuer is a bank
Any document to be authorized | Approval | Approved stamp | Issuer is the specified issuer
Any ticket detail can be described | Conditions | None | Digest value is specified
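
The resolution rule for <Variable> described on the slides above, as an added example (not code from the original slides or from NTT): it resolves an Owner <Variable> against attached descriptions using the schema, value and hash restrictions. The attributes on <Restriction>, the <Description>/<Value> layout, RefTicketID, Property and the use of SHA-256 are assumptions; signatures on D0 and D1 are taken as already verified, and keeping <CurrentValue> when D1 fails the restriction is this example's choice, since the slides do not define that case.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample ticket D0; signatures on D0/D1 are assumed already verified.
# The attribute names on <Restriction> are hypothetical, not from the slides.
D0 = """<Ticket TicketID="T-1001" TypeID="EventTicket" IssuerID="X.com">
  <Owner><Variable>
    <CurrentValue>alice</CurrentValue>
    <NewValue/>
    <Restriction TypeID="Transfer" IssuerID="alice"/>
  </Variable></Owner>
</Ticket>"""

def attachment(issuer, value, ref="T-1001", type_id="Transfer"):
    """Constructed attached description D1 (hypothetical layout)."""
    return (f'<Description TypeID="{type_id}" IssuerID="{issuer}" '
            f'RefTicketID="{ref}" Property="Owner"><Value>{value}</Value></Description>')

def satisfies(restriction, d1, raw):
    """Apply schema (type), property value and hash value restrictions to D1."""
    for attr in ("TypeID", "IssuerID"):
        want = restriction.get(attr)
        if want is not None and d1.get(attr) != want:
            return False
    digest = restriction.get("Digest")  # SHA-256 over D1's bytes is an assumption
    if digest is not None and hashlib.sha256(raw.encode()).hexdigest() != digest:
        return False
    return True

def resolve(d0_xml, prop, attached):
    """Return the effective value of the <Variable> under property `prop`."""
    d0 = ET.fromstring(d0_xml)
    var = d0.find(f"{prop}/Variable")
    restriction = var.find("Restriction")
    for raw in attached:
        d1 = ET.fromstring(raw)
        # The unique ticket ID ties D1 to the property it instantiates.
        if d1.get("RefTicketID") != d0.get("TicketID") or d1.get("Property") != prop:
            continue
        if restriction is not None and satisfies(restriction, d1, raw):
            return d1.findtext("Value")  # D1 instantiated and restriction satisfied
    return var.findtext("CurrentValue")  # no valid D1: keep <CurrentValue>

if __name__ == "__main__":
    print(resolve(D0, "Owner", []))                                  # alice
    print(resolve(D0, "Owner", [attachment("mallory", "mallory")]))  # alice
    print(resolve(D0, "Owner", [attachment("alice", "bob")]))        # bob
```

A transfer description issued by anyone other than the current owner, or bound to a different ticket ID, leaves the owner unchanged.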
Applications

Ticket Circulation Model
[Figure: Issuer (I), Users (U1 ... Un), Service Provider (S); actions Issue, Transfer, Consume]

Circulation Controllability
Types of required tickets for a transaction are defined in the ticket to be circulated itself
1) Only qualified shops can issue tickets
2) Only registered members can circulate tickets
3) Only qualified shops can punch tickets
[Figure labels: I, U1, U2, S, U; Issue, Transfer, Redeem; Check; Qualified shop, Membership, Driver’s license; A Mart, ABC]

Ticket Trust Model
Allows construction of a closed system for each ticket
[Figure labels: O (Organizer of a specific ticket), I, U1 ... Un, S; Issue, Transfer, Redeem; Issuer cert, User certs, Examiner cert; A Mart, ABC]

Ticket Trust Model
Any ticket with PK can be used as a PK certificate
It depends on issuer’s or organizer’s decision
[Figure labels: O (Department of Motor Vehicles), I, U1 ... Un, S; Issue, Transfer, Redeem; ID; A Mart, ABC]

Discussion
Should we initiate XML Ticket WG?
Transform any Web terminal into a ticketing machine for any ticket in the world!
Should XML Ticket use the XML DSig?
Requirements:
Allows specification of digital signature attributes in the XML schema definition
Supports direct signature
Should we provide XML-based public key certificate?
We need simple certificates without ASN.1
XML Ticket can play the role

Requirements on XML DSig
Reduces ticket size by pre-distributing the schema
Static properties:
• Signature semantics
• Defaults
[Figure labels: A, B, Sender, Receiver, Network, Schema, Schema cache]

Requirements on XML DSig
Overhead of separation is not negligible
Support direct signature?
Direct signature:
  <SignedDescription>
    <Ticket>...</Ticket>
    <Signature>...</Signature>
  </SignedDescription>
Indirect signature:
  <Package ID='data'>
    <Ticket>...</Ticket>
  </Package>
  <Signature>
    <Manifest>
      <Locator href='#data'/>
      <Digest>...</Digest>
    </Manifest>
  </Signature>

Requirements on XML DSig
Canonicalization is less important in XML Ticket
Signature is preserved since no change is made in each signed document
Only attaches new signed documents
[Figure labels: A, B, C, Java object]